Post navigation

Today is the day for the release of the Firefox 3 – the first major update from Mozilla since, mmm, Firefox 2. Anyhow, it is eagerly anticipated by many, including those of us who have been using the beta releases over the last few weeks.

To help build publicity and ultimately increase market share, a world record attempt spin has been put on the release, where users can pledge to download and install the software as soon as it is available (reportedly 1800 BST).

Aside from the warm glow of satisfaction from participating in a world record attempt, what exactly do you get for your efforts? There are lots of new features, many of which have web developers excited. But perhaps most important are those that are security focused – specifically the built-in protection against malware and phishing sites. When the victim attempts to visit a known malicious site, they see something like the following (observed when attempting to browse a French gaming site compromised with a malicious Mal/ObfJS-AB script):

As you will most likely be aware, URL filtering is no replacement for content scanning, but it is an important and effective partner to it. Many organizations already deploy technologies to provide both together at the perimeter of the network. For smaller companies and home users, URL filtering within the browser is good news (see also forthcoming features in IE8).

How effective is the protection provided by this filter? Effective URL filtering is not trivial to measure – personally, I would welcome it if any of the established, trusted and skilled security testers out there took on the challenge. The results would be interesting I am sure. Latency is critical to URL filtering – how long a malicious site is up and accessible before it is classified as malicious. That is one of the reasons we go to so much effort within SophosLabs to fully analyze web threats – so we know the purpose of the attack, and can classify all related URLs appropriately.

For the curious out there, there is plenty of information available to explain why a site was blocked. Clicking on the appropriate button takes you to the StopBadware.org site. In the case of the screenshot shown above, it tells us that Google were the organization that reported the URL as malicious. The user can even click through to their Safe Browsing Diagnostic page, which gives even more information about the URL. In this case, the information is quite detailed!

Malicious software includes 5 scripting exploit(s), 4 trojan(s). Successful infection resulted in an average of 8 new processes on the target machine.

So if you do not get the warm ‘fuzzies’ from the world record attempt, perhaps you will from the knowledge that this type of URL filtering within your browser provides yet another, welcome layer of security.